I'm just trying to explain that not showing passwords in the log does not make the server any more secure. That's just something that many people think and then have a false sense of security.

It's like the one that create .bat file that wanted password to run the server. That's also not increasing security.

Click to expand...

How can it not increase security? The database that contains the passwords are on another server using MD5 encryption. So not showing passwords in the logs would sort my problem of using this, surely there should be a way.

I'm just trying to explain that not showing passwords in the log does not make the server any more secure. That's just something that many people think and then have a false sense of security

Click to expand...

Excuse-me but... of course it have sence ...it improve security to not save password clearly somewhere ! if your game server is hacked, the hacker go read logfile and he can see password of each player !!! In my case like 99% of people in this world passwords are crypted and saved (in a mysql or a file or something like that...) so the hacker can't get clearly password except with your plugin so sorry but it's very bad thing

(And don't tell it's not improving sécurity to save CRYPTED password only and not in clear, Linux do it, Microsoft do it, each serious website do this...)

keeps saying i tried to use a command and it works anyways. if it says that everyone tried then how do i know who DID. i think it might be built in permissions. im using Version 1000. ive been out of the loop on bukkit for a while =(
is there something i must change?

keeps saying i tried to use a command and it works anyways. if it says that everyone tried then how do i know who DID. i think it might be built in permissions. im using Version 1000. ive been out of the loop on bukkit for a while =(
is there something i must change?

Click to expand...

It says <name> tried to use <command>. It does not stop the command from execution (there is plgdisablecmd) the rest I don't really understand

Guys can I just point out somethings:If the server has been breached your screwed...
The server software will contain the Md5s for decrypting all the passwords, in a way this plugin actually is secure 'cause it reminds admins to make everyone change their pwords after a breach.If a hacker can get access to the log files, your screwed...
As of current Notch has not implemented Md5 encrypted chat, that means your precious passwords are sent in plain text anyway! Trust me the logs are far more secure than a plain text file zipping across the net. It's far easier to sniff a couple of packets than to break into a machine...What is so precious about these plugins??
Since the switch to AWS minecraft.net has barely been down, that means offline mode servers with authenticating plugins are just there to do nothing more than to provide players who feel they can rip off Notch's work illegally with more services!

Guys can I just point out somethings:If the server has been breached your screwed...
The server software will contain the Md5s for decrypting all the passwords, in a way this plugin actually is secure 'cause it reminds admins to make everyone change their pwords after a breach.If a hacker can get access to the log files, your screwed...
As of current Notch has not implemented Md5 encrypted chat, that means your precious passwords are sent in plain text anyway! Trust me the logs are far more secure than a plain text file zipping across the net. It's far easier to sniff a couple of packets than to break into a machine...What is so precious about these plugins??
Since the switch to AWS minecraft.net has barely been down, that means offline mode servers with authenticating plugins are just there to do nothing more than to provide players who feel they can rip off Notch's work illegally with more services!

Click to expand...

Ok so I agree if you get hacked is easy to get passwords BUT it's a fully wrong way of thinking to not crypt theses password. It's like you give hand to your hacker. Let him do his own plugin... it make already one more difficulty.

And in my use logs are accessible by my website for admins. I don't want my admins can read passwords (me also). It's not usefull to see it. That's why I made mine. I know I can parse the log file before showing it on my webpages but when I've got a problem I solve it at the source. So I made a GOOD plugin to do that.

Those things are in consideration, but currently I have not spare time for my plugins except for keeping them updated.

Click to expand...

I would like this functionality as well, so mods and OPs can monitor what's happening on the server somewhat easier. If you do get the time to update this mod, it would be much appreciated.
Thanks,
Thom

Ok so I agree if you get hacked is easy to get passwords BUT it's a fully wrong way of thinking to not crypt theses password. It's like you give hand to your hacker. Let him do his own plugin... it make already one more difficulty.

And in my use logs are accessible by my website for admins. I don't want my admins can read passwords (me also). It's not usefull to see it. That's why I made mine. I know I can parse the log file before showing it on my webpages but when I've got a problem I solve it at the source. So I made a GOOD plugin to do that.

Click to expand...

The biggest threat to your server's security would be people who hit . instead of /. I recently got a disguise mod for my server (to follow a possible griefer) the first thing one of my mods did was to hit . instead of / and blow our cover :sadface:.

The biggest threat to your server's security would be people who hit . instead of /. I recently got a disguise mod for my server (to follow a possible griefer) the first thing one of my mods did was to hit . instead of / and blow our cover :sadface:.

Click to expand...

Yeah and what ? does it mean you don't have to secure anything else ? You are 16... you'll grow up but if you continue thinking like that, your naivety will cause you problems when you'll work for a company...